VYPR

Coldfusion

by Adobe Inc.

CVEs (222)

  • CVE-2025-43562 (May 13, 2025)
    risk 0.01 cvss epss 0.33

    ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could result in arbitrary code execution in the context of the current user. A…

  • CVE-2025-43560 (May 13, 2025)
    risk 0.01 cvss epss 0.11

    ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security…

  • CVE-2025-30281 (Apr 8, 2025)
    risk 0.01 cvss epss 0.15

    ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper…

  • CVE-2024-53961 (Dec 23, 2024)
    risk 0.01 cvss epss 0.13

    ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access files or…

  • CVE-2024-34112 (Jun 13, 2024)
    risk 0.01 cvss epss 0.24

    ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could exploit this vulnerability to gain unauthorized access to sensitive files or data. Exploitation of this…

  • CVE-2023-26361 (Mar 23, 2023)
    risk 0.01 cvss epss 0.62

    Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in Arbitrary file system read. Exploitation of this issue does…

  • CVE-2022-35690 (Oct 14, 2022)
    risk 0.01 cvss epss 0.72

    Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user…

  • CVE-2019-8074 (Sep 27, 2019)
    risk 0.01 cvss epss 0.19

    ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user.

  • CVE-2019-8073 (Sep 27, 2019)
    risk 0.01 cvss epss 0.08

    ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user.

  • CVE-2013-3350 (Jul 10, 2013)
    risk 0.01 cvss epss 0.08

    Adobe ColdFusion 10 before Update 11 allows remote attackers to call ColdFusion Components (CFC) public methods via WebSockets.

  • CVE-2008-1203 (Mar 12, 2008)
    risk 0.01 cvss epss 0.15

    The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection.

  • CVE-2007-5905 (Nov 15, 2007)
    risk 0.01 cvss epss 0.13

    Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability.

  • CVE-2006-5858 (Dec 31, 2006)
    risk 0.01 cvss epss 0.13

    Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file.

  • CVE-2025-61808 (Dec 9, 2025)
    risk 0.00 cvss epss 0.08

    ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could lead to arbitrary code execution by a high privileged attacker. Exploitation of this issue does not require user interaction and…

  • CVE-2025-61812 (Dec 9, 2025)
    risk 0.00 cvss epss 0.04

    ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could allow a high privileged attacker to gain arbitrary code execution. Exploitation of this issue does not require user interaction.

  • CVE-2025-61821 (Dec 9, 2025)
    risk 0.00 cvss epss 0.00

    ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and data…

  • CVE-2025-64898 (Dec 9, 2025)
    risk 0.00 cvss epss 0.00

    ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could result in limited unauthorized write access. An attacker could leverage this vulnerability to gain unauthorized access by exploiting…

  • CVE-2025-61809 (Dec 9, 2025)
    risk 0.00 cvss epss 0.01

    ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write…

  • CVE-2025-61822 (Dec 9, 2025)
    risk 0.00 cvss epss 0.01

    ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could exploit this vulnerability to write malicious files to arbitrary locations on the file system.…

  • CVE-2025-64897 (Dec 9, 2025)
    risk 0.00 cvss epss 0.00

    ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability. A low privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized write access potentially resulting in denial…
